
Analysis: Russia also attacks Ukraine over the internet; understand cyberwar


Right now, Russia is invading Ukraine. These warlike maneuvers, however, are very different from “traditional” operations. Along with conventional warfare, a wide array of tools that characterize the new type of cyber warfare are being deployed.

Russia has been preparing for this for at least eight years, since the annexation of Crimea in 2014.

A frightening new type of hybrid warfare, mixing military operations and cyberattacks, is underway in Ukraine and needs to be watched carefully.

Anyone interested in cybersecurity and national security will look very closely at the ramifications of the invasion that is taking place, as this is what warfare looks like in the 21st century.

Russian operations will be multifaceted and will include a large number of cyberweapons that will be used, at best, to destroy Ukrainian infrastructure or, more likely, to turn such infrastructure into additional weaponry.

Let’s start with the most “trivial” type of attack. On Wednesday (the 23rd), a number of Ukrainian government websites became inaccessible after a massive DDoS attack. DDoS, or Distributed Denial of Service, is a type of attack intended to overwhelm websites with a huge number of access requests. The result is that the website, and consequently the corresponding service, becomes unavailable.

Several government websites and several state-owned banks have been unavailable in recent weeks, disrupting public digital services and online banking in the country. However, while DDoS attacks are among the most common, they are just the most visible tip of the iceberg.

Since 2014, backdoors have been created in critical parts of Ukraine’s infrastructure to be exploited at the most convenient time.

In 2017, the notorious “NotPetya” cyberattack was the most damaging in Ukraine’s history, bringing much of the country and many sectors of the economy to a halt. Several researchers and a White House report attributed this attack to Russian-linked hackers.

The NotPetya malware was a test. It managed to disable a radiation monitoring system at the Chernobyl plant, less than 100 km from Kiev. This attack sent out a very clear signal: it’s not just your IT infrastructure that is vulnerable. Any connected system or device is vulnerable.

For years, Ukrainian infrastructure has been slowly seeded with malware, creating ready-made backdoors. Some of them are even advertised for purchase on the dark web, including flaws allowing access to carrier internet networks, banking systems, water channels and power stations.

It is possible, and even likely, that power systems, telecommunications and internet networks will be severely disrupted to create chaos during the invasion. Russia has the technical skills and tools to do this, and there is no reason to think that in a war it will not use such capabilities.

A complete interruption of communications would be very difficult, if not impossible, to achieve.

But very serious damage, leading to a blackout of several of the networks that make up Ukrainian electronic systems (especially if the power system is also the target) is possible — and even likely.

This is not just to facilitate the entry of Russian troops. It is important to remember the psychological component of warfare, which can be greatly impacted by cyber operations. Imagine how lost you would feel if the war was going on and suddenly you couldn’t call your family or access the internet for updates on the invasion.

Also, an extremely important consideration: in the last decade, Russia has prepared not only offensive but also defensive cyber capabilities.

Since the Snowden revelations, Russia has been building its digital sovereignty. In 2019, it adopted the Internet Sovereignty Law, forcing the implementation of new rules and technical tools that allow Russia to disconnect the national segment of the internet, called “Runet”, in the event of an attack.

This was seen by most Western observers as an excuse to tighten control over the Russian population. It was a very naive interpretation. Russia was preparing for a cyber war. Today, Russia, along with China, is clearly the most advanced nation in this regard and probably the only one capable of withstanding sophisticated cyberattacks.

Interestingly, on February 24, several government websites in Russia, including the Kremlin, the State Duma, and the Russian Army, became unavailable. Some experts argue that this was the result of foreign cyberattacks — but this is just one possible interpretation.

More likely, Russia is geographically encircling its cyberspace. It is likely that the Russian government is implementing what it has been preparing for years: disconnecting its most critical infrastructure from the internet.

Paradoxically, in times of digitalization strategies and plans, Ukraine’s greatest asset against cyberattacks is precisely not being fully digitized. What Russia, which is a much more digitally developed country, has been preparing for years is something that is still normal in digitally backward countries: being able to disconnect its infrastructure.

Large parts of Ukrainian infrastructure are not yet digitized. This means they can literally be disconnected by switching to analogue mode, as happened during an attack on Kiev airport in 2021.

If you can unplug and switch to manual control, restoring order is much easier than when everything is permanently plugged in, your system is hacked and restoring it requires a very skilled and costly intervention.

In an era of digital transformation, the ability to disconnect has never been more valuable.
